CVE-2013-4243 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243): Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2451
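The description above points at the general defect class: a decoder trusts the width and height declared in the GIF image descriptor when sizing or filling a heap buffer. The following is an added example of the defensive checks such a reader needs; it is not code from libtiff or from the upstream fix, and the function names are hypothetical. It reads the 16-bit little-endian dimension fields as the GIF format stores them, refuses zero dimensions, rejects a width*height product that would overflow size_t, and rejects a frame whose position and size do not fit inside the logical screen buffer it will be written into.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers (not libtiff code). GIF stores dimensions as
 * unsigned 16-bit little-endian values, so 65535 is the largest legal size. */
#define GIF_MAX_DIM 65535u

/* Decode one 16-bit little-endian field. */
static unsigned gif_read_u16le(const unsigned char *p)
{
    return (unsigned)p[0] | ((unsigned)p[1] << 8);
}

/* Read the width/height pair of a GIF image descriptor from a raw byte run.
 * Returns 0 on success, -1 if fewer than 4 bytes are available. */
int gif_read_dims(const unsigned char *buf, size_t len, unsigned *w, unsigned *h)
{
    if (buf == NULL || len < 4)
        return -1;
    *w = gif_read_u16le(buf);
    *h = gif_read_u16le(buf + 2);
    return 0;
}

/* Byte count of an 8-bit-per-pixel frame of w x h pixels, or 0 if the
 * dimensions are invalid or the product would overflow size_t. */
size_t gif_frame_bytes(unsigned w, unsigned h)
{
    if (w == 0 || h == 0)
        return 0;
    if (w > GIF_MAX_DIM || h > GIF_MAX_DIM)
        return 0;
    if ((size_t)w > SIZE_MAX / (size_t)h)   /* multiplication would wrap */
        return 0;
    return (size_t)w * (size_t)h;
}

/* 1 if a frame placed at (left, top) with size w x h lies entirely inside a
 * screen_w x screen_h logical screen, else 0. Subtraction form avoids
 * overflow in left + w. */
int gif_frame_fits(unsigned screen_w, unsigned screen_h,
                   unsigned left, unsigned top, unsigned w, unsigned h)
{
    if (gif_frame_bytes(w, h) == 0)
        return 0;
    if (left > screen_w || w > screen_w - left)
        return 0;
    if (top > screen_h || h > screen_h - top)
        return 0;
    return 1;
}

/* Allocate the logical screen only after validating its size; returns NULL
 * rather than a too-small buffer when the declared size is unusable. */
unsigned char *gif_alloc_screen(unsigned screen_w, unsigned screen_h)
{
    size_t n = gif_frame_bytes(screen_w, screen_h);
    if (n == 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed image-descriptor bytes: width 0x0010, height 0x0020. */
    const unsigned char desc[4] = { 0x10, 0x00, 0x20, 0x00 };
    unsigned w = 0, h = 0;
    unsigned char *screen;

    if (gif_read_dims(desc, sizeof desc, &w, &h) != 0)
        return 1;
    screen = gif_alloc_screen(w, h);
    if (screen == NULL)
        return 1;
    /* A frame that overruns the screen is refused before any write. */
    if (gif_frame_fits(w, h, 8, 0, w, h))
        return 1;
    free(screen);
    return 0;
}
```

The check is deliberately done against the buffer that will actually be written, not only against "reasonable" looking numbers: a fuzzer will happily produce a 1x1 screen followed by a 65535x65535 frame, and only the fits-in-screen test catches that.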
Potential patch available from Open Suse: http://lwn.net/Articles/568120/

Patch also fixes the following CVEs:
This tiff security update fixes several buffer overflow issues and an out-of-bounds write problem.

* tiff: buffer overflows/use after free problem [CVE-2013-4231][CVE-2013-4232][bnc#834477]
* libtiff (gif2tiff): OOB Write in LZW decompressor [CVE-2013-4244][bnc#834788]
* libtiff (gif2tiff): heap-based buffer overflow in readgifimage() [CVE-2013-4243][bnc#834779]

Upstream please confirm and Ebuild.
(In reply to Yury German from comment #1)
> Potential patch available from Open Suse:
> http://lwn.net/Articles/568120/
>
> Patch also fixes the following CVEs:
> This tiff security update fixes several buffer overflow
> issues and an out-of-bounds write problem.
>
> * tiff: buffer overflows/use after free problem
> [CVE-2013-4231][CVE-2013-4232][bnc#834477]

This one seems to be covered already.

*tiff-4.0.3-r4 (23 Aug 2013)
*tiff-4.0.3-r5 (23 Aug 2013)

23 Aug 2013; Samuli Suominen <ssuominen@gentoo.org>
+files/tiff-4.0.3-CVE-2013-4231.patch,
+files/tiff-4.0.3-CVE-2013-4232.patch, +tiff-4.0.3-r4.ebuild,
+tiff-4.0.3-r5.ebuild:
Fix for CVE-2013-4231 (and CVE-2013-4232) from upstream. See security bug #480466.
The -r4 is for stabilization without multilib-minimal.eclass usage.
(In reply to Yury German from comment #1)
> Potential patch available from Open Suse:
> http://lwn.net/Articles/568120/
>
> Patch also fixes the following CVEs:
> This tiff security update fixes several buffer overflow
> issues and an out-of-bounds write problem.
>
> * tiff: buffer overflows/use after free problem
> [CVE-2013-4231][CVE-2013-4232][bnc#834477]
> * libtiff (gif2tiff): OOB Write in LZW decompressor
> [CVE-2013-4244][bnc#834788]

This one is bug 486590. So let's keep this bug only for CVE-2013-4243. Just added to confusion.
@arches, please stabilize >=media-libs/tiff-4.0.5 @maintainer(s), once stabilization is complete please remove vulnerable versions, <media-libs/tiff-4.0.3
(In reply to Aaron Bauman from comment #4)
> @arches, please stabilize >=media-libs/tiff-4.0.5

4.0.6 or 4.0.5?
@arches, please stabilize =media-libs/tiff-4.0.6
I wouldn't recommend changing the bug title to reflect <media-libs/tiff-4.0.6 as it implies that all versions less than that are vulnerable which is not the case here. This can be applied to most bugs, as often unstable versions are available that mitigate certain vulnerabilities. @arches, does this titling make it easier for you to track or use various tools?
amd64 stable
Stable for HPPA PPC64.
arm stable
Stable on alpha.
x86 stable
ppc stable
sparc stable
ia64 stable
The remaining arches are not officially "stable", then maybe they should not block the subsequent "CVE" process here :/
Removing unstable arches from CC. @maintainer(s), please cleanup vulnerable versions.
Cleaned up vulnerable versions: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f65cfb30904aa816aa0977ce4ccf188f8c31e1a
New GLSA request filed.
This issue was resolved and addressed in GLSA 201701-16 at https://security.gentoo.org/glsa/201701-16 by GLSA coordinator Thomas Deutschmann (whissi).